I am working on an application that is accessing Gitlab on behalf of users.
I have registered my application as an Oauth provider in Gitlab. I know there were recent changes so that the access tokens issued by Gitlab now expire.
However what I am trying to understand is whether the refresh tokens expire at all? And if they do how long are they valid for. I have looked through the documentation and online for this - but all I can find is information about when the access tokens expire - nothing about how long the refresh tokens are valid.
I think that the access tokens now expire in 2 hours. I know the refresh tokens must be valid for significantly more than 2 hours but are they valid forever or is it limited? For example can I come back 5 months after my access token was issued and use my refresh token to get a new access token? Or is this period limited and shorter?
Thanks.